| Anonymous | Login | Signup for a new account | 12-17-2024 08:31 PST |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||||
| 0003329 | [Quercus] | minor | always | 02-09-09 01:12 | 02-09-09 06:55 | ||||
| Reporter | tlandmann | View Status | public | ||||||
| Assigned To | nam | ||||||||
| Priority | normal | Resolution | fixed | ||||||
| Status | closed | Product Version | 3.2.1 | ||||||
| Summary | 0003329: unserialize crashes with Java exception under certain circumstances | ||||||||
| Description |
When unserialize() is given a broken serialized string, mod_php consistently returns FALSE. However Quercus in the same situation frequently crashes with a Java exception. For instance this call crashes Quercus: unserialize('s:20:"a string";'); Note the small attachment to this report for a slightly more detailed understanding. Please note that the problem doesn't seem to be limited to plain strings only but also to arrays as well as strings nested in them. At the moment as a workaround the fully-compatible "correct" behaviour can be emulated by coding like this: $unserialized_result=unserialize($string); // version that may crash => has to become: $unserialized_result=null; try { $unserialized_result=unserialize($string); } catch (Exception $e) { $unserialized_result=false; } However, this is obviously not a preferred long-term approach. I'd like to point out that the problem is more than just academic. One of the latest versions of Drupal "installs" such invalid serialized strings in the database, perhaps due to some misconceptions about character encodings (i.e. when an UTF-8-encoded string gets serialized using a different encoding, strings lengths may differ later on). In any case I recommend fixing the issue. I'd also like to mention again that I recently reported another issue in connection with serialize()/unserialize() (0003307) that you might want to solve right away in the course of anyways touching serialize() and unserialize(). |
||||||||
| Additional Information | |||||||||
| Attached Files |
 unserialize_bug_demo.php [^] (346 bytes) 02-09-09 01:12 |
||||||||
|
|
|||||||||
 Relationships |
|
|
Notes |
|
|
(0003815) nam 02-09-09 06:55 |
php/1222 Fixed for 4.0. Thanks for the report. To expedite things, please include the stack trace in future reports. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 02-09-09 01:12 | tlandmann | New Issue | |
| 02-09-09 01:12 | tlandmann | File Added: unserialize_bug_demo.php | |
| 02-09-09 06:54 | nam | Status | new => assigned |
| 02-09-09 06:54 | nam | Assigned To | => nam |
| 02-09-09 06:55 | nam | Status | assigned => closed |
| 02-09-09 06:55 | nam | Note Added: 0003815 | |
| 02-09-09 06:55 | nam | Resolution | open => fixed |
| 02-09-09 06:55 | nam | Fixed in Version | => 4.0.0 |
| Mantis 1.0.0rc3[^]
Copyright © 2000 - 2005 Mantis Group
31 total queries executed. 27 unique queries executed. |  |
